JDK-8361117 : SIGSEGV in LShiftLNode::Ideal due to unexpected dead node
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 9,11,17
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • OS: linux_ubuntu
  • CPU: x86_64
  • Submitted: 2025-06-25
  • Updated: 2025-12-09
  • Resolved: 2025-11-11
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 17
17.0.19-oracle masterFixed
Related Reports
Duplicate :  
JDK-8317351 - SIGSEGV in LShiftLNode::Ideal
Relates :  
JDK-8371628 - C2: add a test case for the arraycopy changes in JDK-8297933
Relates :  
JDK-8297933 - [REDO] Compiler should only use verified interface types for optimization
Description
ADDITIONAL SYSTEM INFORMATION :
wsl2-ubuntu 22.04
Linux 5.15.167.4-microsoft-standard-WSL2 #1 SMP Tue Nov 5 00:21:55 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

java version "11.0.27" 2025-04-15 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.27+8-LTS-232)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.27+8-LTS-232, mixed mode)

java 17.0.15 2025-04-15 LTS
Java(TM) SE Runtime Environment (build 17.0.15+9-LTS-241)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.15+9-LTS-241, mixed mode, sharing)

Eclipse Compiler for Java(TM) v20250526-2018, 3.42.0, Copyright IBM Corp 2000, 2020. All rights reserved.

A DESCRIPTION OF THE PROBLEM :
Using Eclipse compiler for Java (ECJ) to compile the following test program and running it with HotSpot will cause JVM crash in JDK 11/17. However, OpenJ9 can run the same bytecode successfully.

Using javac to compile the same test program will execute successfully.

The ECJ version is 4.36 and can be downloaded from https://www.eclipse.org/downloads/download.php?file=/eclipse/downloads/drops4/R-4.36-202505281830/ecj-4.36.jar

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Using JDK 17, run the following command:
```
java -jar ecj-4.36.jar --release 17 Test.java
java Test
```

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The program should execute successfully.
ACTUAL -
The program will crash with the following error:
```
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007fbdaa2c4648, pid=2673, tid=2686
#
# JRE version: Java(TM) SE Runtime Environment (17.0.15+9) (build 17.0.15+9-LTS-241)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (17.0.15+9-LTS-241, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0xbbe648]  LShiftLNode::Ideal(PhaseGVN*, bool)+0x378
...
```

---------- BEGIN SOURCE ----------
class Test {
    public static void test() {
        int size = 1000;
        int[] arr1 = new int[size];
        int[] arr2 = new int[size];
        for (int i = 0; i < size; i++) {
            arr1[i] = i;
        }
        for (int i = 0; i < size; i += 10) {
            for (int j = 0; j < 5; j++) {
                int srcPos = i + j;
                int destPos = i + j;
                int length = 5 - j;
                java.lang.System.arraycopy(arr1, srcPos, arr2, destPos,
                        length);
            }
        }
    }

    public static void main(String[] args) {
        for (int i = 0; i < 10_000; i++) {
            test();
        }
    }
}
---------- END SOURCE ----------
Comments
Fix Request (jdk17u-dev): The PR fixes the C2 compiler crashes which can be reproduced in 17u. The fix is a clean backport of a small part of JDK-8297933. The backport is reviewed by the original author of that large change and a regression test is added. Tier1-4 have passed.
08-12-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk17u-dev/pull/4204 Date: 2025-12-05 12:07:37 +0000
05-12-2025
Confirming that the test no longer crashes with the arraycopy fix from JDK-8297933. Reproducer worked with javac too.
05-11-2025
Since this does not affect JDK >= 21, I'll leave it to sustaining if they want to pull out the fix from JDK-8297933 and backport to JDK < 21. Paging [~dskantz].
02-07-2025
ILW = Crash during C2 compilation because of unexpected dead node, reproducible with Eclipse Java Compiler and simple test, -XX:ArrayCopyLoadStoreMaxElem=0 = HML = P2
02-07-2025
I can reproduce this until JDK-8297933 in JDK 21. # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007f146c84f34e, pid=3140302, tid=3140315 # # JRE version: Java(TM) SE Runtime Environment (20.0.2+9) (fastdebug build 20.0.2+9-78) # Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 20.0.2+9-78, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64) # Problematic frame: # V [libjvm.so+0x164f34e] LShiftLNode::Ideal(PhaseGVN*, bool)+0x3e Current CompileTask: C2: 48 8 % 4 Test::test @ 17 (87 bytes) Stack: [0x00007955f6300000,0x00007955f6400000], sp=0x00007955f63fa2c0, free space=1000k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x16ac49e] LShiftLNode::Ideal(PhaseGVN*, bool)+0x3e V [libjvm.so+0x17f4734] PhaseIterGVN::transform_old(Node*)+0x1d4 V [libjvm.so+0x69bbda] ArrayCopyNode::prepare_array_copy(PhaseGVN*, bool, Node*&, Node*&, Node*&, Node*&, BasicType&, Type const*&, bool&)+0x13ba V [libjvm.so+0x6a1fb1] ArrayCopyNode::Ideal(PhaseGVN*, bool)+0xf31 V [libjvm.so+0x17f4618] PhaseIterGVN::transform_old(Node*)+0xb8 V [libjvm.so+0x17ede6e] PhaseIterGVN::optimize()+0x6e V [libjvm.so+0xb0681a] PhaseIdealLoop::optimize(PhaseIterGVN&, LoopOptsMode)+0x65a V [libjvm.so+0xb02dc5] Compile::Optimize()+0x1185 V [libjvm.so+0xb04df0] Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*)+0x1520 V [libjvm.so+0x91c04a] C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x62a V [libjvm.so+0xb13958] CompileBroker::invoke_compiler_on_method(CompileTask*)+0xbb8 V [libjvm.so+0xb14948] CompileBroker::compiler_thread_loop()+0x6f8 V [libjvm.so+0x1aa4818] JavaThread::thread_main_inner()+0x238 V [libjvm.so+0x1aafd90] Thread::call_run()+0x100 V [libjvm.so+0x1760c34] thread_native_entry(Thread*)+0x104 C [libc.so.6+0x9caa4] With JDK < 19, we hit an assert but it's the same issue: # A fatal error has been detected by the Java Runtime Environment: # # Internal Error (/opt/mach5/mesos/work_dir/slaves/779adf21-f3e5-4e6a-a889-8cc0f9bc6fbb-S66830/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/3d5f8ab6-9afc-494f-b522-99fb95c4992c/runs/5797d95c-314c-4c3b-af67-87deb4e0b374/workspace/open/src/hotspot/share/opto/phaseX.hpp:225), pid=3140957, tid=3140970 # assert(n != __null) failed: must not be null # # JRE version: Java(TM) SE Runtime Environment (18.0.2+9) (fastdebug build 18.0.2+9-61) # Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 18.0.2+9-61, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64) # Problematic frame: # V [libjvm.so+0x1565354] LShiftLNode::Ideal(PhaseGVN*, bool)+0x8d4 I can reproduce this back until JDK 9u (but not with JDK 8u). This was also reported by JDK-8317351 which we could never reproduce. I'm closing JDK-8317351 as duplicate.
01-07-2025
Quickly had a look at JDK-8297933 and changes in src/hotspot/share/opto/arraycopynode.cpp might well have fixed this. [~roland] do you remember why these changes were required? UPDATE: Ah, you described it in the PR (https://github.com/openjdk/jdk/pull/11666): "arraycopynode.cpp: a crash happens because dest_offset and src_offset are the same. The call to transform that results in src_scale, causes src_offset (and thus dest_offset) to become dead. The fix is to add a hook node to preserve dest_offset. This is unrelated to 6312651 but it triggers with that change for some reason."
01-07-2025